Month: December 2012

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

19,000 people fit into the new Barclays Center to see Jay-Z perform. This blog was viewed about 160,000 times in 2012. If it were a concert at the Barclays Center, it would take about 8 sold-out performances for that many people to see it.

If you’re looking for a New Year’s Resolution – have you considered leaving Facebook? There are many reasons to do so, and getting more compelling all the time – all it takes is a little resolution.

1) Privacy

Everyone should be aware that privacy is an issue with Facebook. So many people put so much ‘private’ information onto Facebook that the possibility that your private information, photos, stories etc might get known to a wider public should be obvious. We shouldn’t be shocked when bad things happen – and yet even Randi Zuckerberg, sister of Facebook’s founder Mark Zuckerberg, still seemed surprised and upset when a ‘private’ family photograph she posted somehow made its way onto Twitter. It wasn’t hacked, scraped, leaked or anything nasty – it’s just that Facebook is designed that way. The private becomes public all too easily – ‘sharing’ means you lose control. If Randi had just emailed the pic to her family, or put it on a genuinely private site, none of this would have happened.

2) Real Names Policy

Facebook’s policy is that people should only ever use their real names – and this can have very bad consequences. There are many people for whom using real names is dangerous, from whistle-blowers to political dissidents, from victims of domestic abuse to people just wanting to harmlessly let off steam. And it’s not just in the extremes that it matters: forcing a real names policy can matter to almost anyone. It helps anchor your ‘online’ life to your ‘offline’ life – meaning that anyone wishing to take advantage of you, to manipulate you, to take information out of context etc, and link what they find out about you online to your offline existence. Real names policies are potentially deeply pernicious – and not only does Facebook have one, but it is ratcheting up its efforts to enforce it. Snitchgate, about which I blogged in September, was just one example, where they experimented with getting people to ‘snitch’ on their friends for not using their real names. For Facebook, a real names policy has value – it makes their data on you more valuable when they want to sell it to others – but for people, it is both limiting and risky.

3) Monetization

Facebook is a business, and in business to do just one thing: make money. What that means is that they want to make money from their assets – your data. The recent furore over Instagram’s altered terms of service was just one example – and in many ways it was typical. Instagram has access to a huge collection of photographs – and since Facebook acquired Instagram for $1 billion earlier in 2012, it has been looking for ways to make money out of those photographs. The internet community’s reaction to that change was dramatic – and Instagram quickly changed tack (or at least appeared to) but make no mistake, the issue will recur. Facebook will look to make money – since the far-from-stellar IPO, the pressure to make money has been growing. Facebook has to satisfy its shareholders first of all, its advertisers next, and its ‘users’ last of all. The users don’t provide money directly, after all – so Facebook has to make money from their data. That drive to make money means that what happens to you when your data is used is of very little consequence….

4) Profiling – and self-profiling

One of the best ways to describe Facebook is as a ‘self-profiling service’. Everything you put up on Facebook, every ‘like’ button you press, every silly game you play, every person you ‘friend’ (and every person that ‘friends’ you) helps build up that profile. The profiles are used primarily for advertising – but also to build up their database of profiles. Profiling is something that is risky in two diametrically opposite ways: if profiling is accurate, it impinges on your privacy, whilst if it is inaccurate it can mean that bad decisions are made for you or about you. What’s more, profiling data is particularly vulnerable – allowing far more accurate and dangerous forms of identity fraud and similar scams.

5) Facial recognition

Facebook loves facial recognition – and it’s not just a coincidence of names. Facial recognition allows them to make more and more links, which helps them to profile better, and also to anchor information in the ‘real’ world, just like their ‘real names policies. Their practices with facial recognition – including ‘automatically’ tagging photographs – may have been rebuffed in Europe on the grounds of data protection, but just as with the Instagram issue (see (3) above), make no mistake, it’s coming back. The risks will still be there – they’re inherent in the concept – but they’ll find a way to get what at least purports to be consent from users in order to satisfy the letter of the law. Anyone who has put a photo of themselves on Facebook should be concerned.

6) You never know who’s watching

Most Facebook users imagine that the people who look at their pages are their ‘friends’, or perhaps their ‘potential friends’, and don’t consider who else might look at what they post – and there are vast numbers of other groups who will look. Those who are slightly less naïve might understand that their employers might look, or their potential employers – but what about insurance companies, looking to see if people are engaging in risky activities, or credit agencies wanting to make more ‘accurate’ assessments? Or the authorities, looking for people doing ‘bad’ things – or people who ‘might’ do bad things? Show some interest in anything political… again, the risks are both ways: accurate watchers finding out things you don’t want them to find out, inaccurate watchers making bad decisions based on incorrect assumptions.

7) Facebook is forever

Many users of Facebook start off ‘young’ – perhaps in age, but perhaps in naïveté. They put material up that they think is funny, or cool, and don’t think how it might look in the future. This doesn’t just mean the odd drunken photo being seen by a potential employer – it means pretty much everything you put on Facebook. There was a big story in September 2012 when people thought their old ‘private messages’ were being posted onto their timelines, and they were hugely upset.It wasn’t true: what was actually happening was that some of their old public posts, posts from a few years ago, were reappearing – and people had forgotten the kind of things that they used to post. What you want to be public one year, you might well wish to forget in a few year’s time: with Facebook, that’s close to impossible! These days you can delete your account – but even if you do, that may not be enough. Services like profileengine.com keep old Facebook profiles even when they’ve been deleted….

8) Monopoly

Facebook is proud that it has now got more than 1 billion users – which makes it pretty close to the only game in town. Monopolies are very, very rarely a good thing – and if Facebook becomes (or perhaps has already become) the default, that puts a huge amount of extra power in their hands. Effectively, they can do whatever they want, and we’ll still have to be there. That can’t be good – and shouldn’t be good, particularly is you really CAN leave, and really DON’T need to be on Facebook. There are alternatives….

9) Concentration

…and those alternatives offer a solution to another risk involved in Facebook. Facebook wants to be all things to all people – and that means all your data, all your links, all aspects of your life concentrated in one place. That means much more accurate profiling, but also much greater vulnerability. If Facebook knows everything about you, they have much more power over you – and their profiles become much more powerful, so if compromised, sold, hacked, given to the authorities, to some other ‘enemy’ of yours, they have much more potential for damage. What would be much better – though somewhat harder work – would be to use different services for different features. Use one provider for email, use twitter for mass communication, set up your own blog on a different provider, put your photos on your own website, play games on yet another and so forth. Much less risk – and much more freedom to get better services. Also, much less dependency…

10) Dependency – and bad habits…

The last reason I’m going to mention here is dependency. Many people seem to be becoming deeply dependent on Facebook. They use it for everything – and seem totally lost if it goes down. They can’t contact their real friends and relations – they haven’t even kept a record of their email addresses. That means they end up spending far too much time on Facebook – and get into lots of bad habits, habits that Facebook encourage. Too much sharing (which to Facebook sounds like blasphemy), too many pictures posted online, too much information given out (e.g. geo-location data) without a real thought to the consequences. If you leave Facebook, and instead set up particular systems for particular functions, you’re far less likely to become dependent – and you’re far less lost if one or other of those services goes down for some reason or other.

And if that’s not enough…

…there are many other reasons. One that matters to people like me is that the only way that Facebook will ever change in any meaningful way, the only way it will start to take users’ privacy and other rights seriously, is if it starts to lose users. If enough people start leaving, it will have to do something differently, and start to take us more seriously rather than just treat us as cattle to be herded and milked….

So why not do it? Make it your New Year’s Resolution: leave Facebook!

Here is a link to instructions as to how to delete your Facebook account. If you have the strength, go for the real ‘deletion’ rather than the ‘deactivation’ method. If you just deactivate, you’re leaving your data there for Facebook and their partners to exploit…..

NOW ALSO AVAILABLE ON VIDEO (if you want proof that I can’t sing): here

Privacy is the gift that keeps on giving…. and for privacy advocates and lawyers, this year particularly! To keep festive, here’s a little song for the season…. Now if only I could sing!

—————————————–On the first day of Christmas
My true love gave to meThe Leveson Inquiry—————————————–On the second day of ChristmasMy true love gave to meTwo Royal boobies (1)And the Leveson Inquiry—————————————– On the third day of ChristmasMy true love gave to meThree data breaches (2)Two Royal boobiesAnd the Leveson Inquiry —————————————–On the fourth day of ChristmasMy true love gave to meFour Cops resigning (3)Three data breachesTwo Royal boobiesAnd the Leveson Inquiry —————————————–On the fifth day of ChristmasMy true love gave to meThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry—————————————– On the sixth day of ChristmasMy true love gave to meSix BBC fiascos (4)The News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry —————————————–On the seventh day of ChristmasMy true love gave to meSeven super-injunctions (5)Six BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry —————————————–On the eighth day of ChristmasMy true love gave to meEight hacks arrested (6)Seven super-injunctionsSix BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry—————————————– On the ninth day of ChristmasMy true love gave to meNine leakers leakingEight hacks arrestedSeven super-injunctionsSix BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry—————————————– On the tenth day of ChristmasMy true love gave to meTen snoopers snooping (7)Nine leakers leakingEight hacks arrestedSeven super-injunctionsSix BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry —————————————–On the eleventh day of ChristmasMy true love gave to meEleven bloggers bloggingTen snoopers snoopingNine leakers leakingEight hacks arrestedSeven super-injunctionsSix BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry —————————————–On the twelfth day of ChristmasMy true love gave to meTwelve tweeters tweetingEleven bloggers bloggingTen snoopers snoopingNine leakers leakingEight hacks arrestedSeven super-injunctionsSix BBC fiascosThe News – of the – WorldFour cops resigningThree data breachesTwo Royal boobsAnd the Leveson Inquiry—————————————–Notes:(1) The Duchess of Cambridge was photographed topless in France… and if you don’t remember that farrago, lucky you.(2) Actually far, far more than three data breaches…….(3) To be more accurate, two resigned, one was suspended and one put on extended leave. (4) There may be fewer, but it feels like at least six, from the Savile and Newsnight cases downwards! Poetic license….(5) It’s not clear precisely how many have been granted – but far fewer than people might think!(6) Actually significantly more, even in connection with Leveson alone. A lot. (7) If the Home Office had had its way, we’d have had far, far more than 10 snoopers snooping with the Snoopers’ Charter (Communications Data Bill). Fortunately, we managed to head them off at the pass, at least for now!

The Director of Public Prosecutions issued ‘Interim guidelines on prosecuting cases involving communications sent via social media’ today – in response to the plethora of cases that have been gathering attention over the last few years. There have been many: from the ‘Twitter Joke Trial’ to the racist tweets following the collapse of footballer Fabrice Muamba, the ‘grossly offensive’ tweets about April Jones and so forth. The issuance of such guidelines is in general a good thing – it is important that the CPS gets a better grip over the realities of the social media – and the guidelines themselves seem to represent a small step forward in that direction. It is important to understand, however, that these are just guidelines, and that what is needed, in my view at least, is a change in the law itself. That, of course, is quite rightly not the business of the DPP. It will be up to Parliament to deal with – and whether Parliament is up to the task is a huge question.

My main thoughts on the guidelines are:

Their very existence is a good thing – they will force prosecutors to think a bit more deeply about how the social media functions

The real test of their success or failure will not be how they look, but how they work out in practice. The proof of this pudding is very definitely in the eating. Only time will tell – but I’m not overly optimistic.

The three types of communication separated out for comment individually (credible threats, communications targeting specific individuals, breaches of court orders) are dealt with pretty much as expected: the law is outlined in a straightforward fashion. However, with regard to the ‘credible threats’ section at least, the evidence of the Twitter Joke Trial does not inspire confidence in the interpretation – and the lack of acknowledgement (let alone contrition) from the DPP of how poorly the CPS dealt with that trial only makes that worse. Have the DPP and CPS learned from that fiasco, or have they merely licked their wounds and brooded? Again, only time will tell.

The talk of a ‘high threshold’ – emphasised in the guidelines – is very much to be welcomed. The guidelines say that prosecutors should only proceed with a case when they are satisfied that the communication in question is more than: offensive, shocking or disturbing; satirical, iconoclastic or rude comment; or the expression of unpopular or unfashionable opinion about serious or trivial matters, or banter or humour, even if distasteful to some or painful to those subjected to it. This is good – but again, time will tell how well it works out in practice.

The suggestion that prosecutions are unlikely to be in the public interest when the communication has been swiftly removed, or remorse shown, or if it wasn’t intended for a wide audience etc is also very much to be welcomed.

Overall, then, these represent small steps, and could help – but as noted, the real test is how they work out in practice. As far as they go, these guidelines seem to be as good as we could have expected in the circumstances. The CPS cannot decide unilaterally not to apply the law – quite rightly – and this law does exist. Whether it should exist, particularly in the form that it currently exists, is another matter entirely. Parts of the law do seem to be close to unfit for purpose in the age of social media: in my opinion they need to be reassessed with some degree of urgency

In particular, the Malicious Communications Act 1988 and Section 127 of the Communications Act 2003, together with the Part 1 of the Public Order Act 1986 need a much more careful examination. More intelligent, up-to-date and sensitive interpretation can only take us part of the way – and if the CPS fails to live up to the promises in this report it may not take us far forward at all. What’s needed, in my opinion, is a new look at the law itself. The social media is now of sufficient importance that it deserves this kind of attention. The guidelines talk relatively positively about the need to take freedom of expression into account – in the current age, the social media is a crucial element of that freedom of expression. that needs to be considered very seriously indeed.

One of the big stories on the net over the last couple of days has surrounded Instagram, the photo-sharing site acquired by Facebook for around $1 billion earlier in 2012. Instagram, it appeared, was going to change its terms and conditions giving it, in the words of the BBC news website, “the right to sell users’ photos to advertisers without notification.”

Instagram’s suicide note?

The reaction was, in many ways, predictable – or at least should have been. Users were ‘outraged’ – and word spread quickly around the internet that Instagram was doing something terrible, and that everyone should leave, and leave now. Cord Jefferson, in Gawker, put it like this:

‘Instagram’s Absurd New Terms of Use Agreement Is Already Being Called Its ‘Suicide Note’’

Links to websites explaining how to download your photos from Instagram, and others explaining how to delete your account, spread around twitter like wildfire, and stories made it from the technical press and the blogosphere right into the heart of the mainstream media – the BBC new story noted above was (and still is, at time of writing) prominently displayed on its home page.

Instagram moved pretty quickly – they put out a blog post last night suggesting that it was all a misunderstanding. ‘Legal documents are easy to misinterpret’ they suggested, and moved to change the words a little, and to sooth the hurt feelings of their users, and reassure them that nothing was wrong. Will it work? Do the new words mean anything substantially different? And was it all a twitterstorm in a teacup anyway?

What’s so bad?

The problem raises a number of issues. The first question to ask is why people were so outraged. After all, they ‘share’ these pictures with the world – what’s so bad about sharing them a bit further, and at the same time allowing Instagram to put together a business model that actually works, and hence allows them to provide the ‘free’ service that so many people have been enjoying. The second is whether they were right to be outraged – or at least, whether they would be right to be outraged if the story as presented was true. I can see a number of reasons for both – but to unpick them, we need to look at the different kinds of pictures that people might put on Instagram.

What’s a picture worth?

There are two very different issues at play here: intellectual property and privacy. From an intellectual property perspective, people seemed to be outraged that Instagram are ‘exploiting’ their photographs for financial gain. After all, these photos are ‘theirs’, not Instagram’s – so what right to Instagram have to sell them on to advertisers? Instagram has been very direct in making sure that people know that Instagram is NOT claiming any kind of ownership rights to people’s photographs, both in its terms and conditions and in its new, explanatory blog – but is that really the point? The idea, at least as I understand it, isn’t really that they would ‘sell’ the photos to the advertisers, but allow the advertisers to ‘use’ the photos – a kind of licensing agreement.

From Instagram’s perspective, that probably seems fair enough – they provide a service, we let them ‘use’ our photos. Quid pro quo. They may even be right – there’s no such thing as a free lunch, and users of the internet need to start understanding that a bit better. If a company provides you with a ‘free’ service, either they’ve got to make money out of it somehow or they’re going to die a painful death. What’s more, professional photographers should have been aware of the issue – and I’m sure most of them are – so shouldn’t be putting their real, professional work on Instagram or anything like it. By all means put low-res tasters on Instagram, but keep the real things for your own website, or some professional service. If professionals didn’t know that already, this little storm should have been a wake-up call.

Some people have a somewhat superficial idea of privacy – that it’s about ‘hiding’ things. The ‘nothing to hide/nothing to fear’ argument is made all too often, but it fundamentally misunderstands the nature of privacy. A better way to look at privacy is that it’s about control – not complete control, but a degree of control – over what you show to whom, and when, and how. We say different things to our families and our colleagues, to our partners and our children, to people we meet in the street, to our bank managers and our employers. That’s the fundamental fallacy in the Instagram argument, at least insofar as personal, private (rather than professional) pictures are concerned. Just because we share a picture with one group of people, we don’t necessarily want to share it with others.

What’s more, privacy is as much about how and where you share, as to whom. Putting a picture up on Instagram is one thing – having your face, or your children’s faces on an advertisement is quite another. Taking it a step further, most people would like to know what their pictures are being used to advertise. It was a poignant coincidence that the story that the same ‘hardworking family‘ being used by the Conservative Party in their campaign against benefit ‘scroungers’ was also being used to advertise yoghurt, a Christian home-schooling CD, cod liver oil and a Spanish Dentist came out at the same time as the Instagram story – it shows how images can be used for many, varied purposes.

There are other issues of course – the possibility of facial recognition software or other analytical tools being used on photos, and the information gleaned being misused (e.g. for credit rating or insurance purposes, by potential employers to making hiring/firing decisions). The potential is huge. That, though, is part of the point. Pictures are worth a lot more than the ‘intellectual property’ value associated with them. A thousand words? Much, much more than that.

The news that Lord McAlpine has started legal proceedings against Sally Bercow for libel over her tweets has been greeted in some quarters by dismay. I don’t see it that way: from an academic perspective, and potentially for future tweeters in related circumstances, it could end up being good news. One of the difficulties at the moment is that we really don’t know exactly where we stand. A high profile High Court battle could help us find out – and a high profile battle it seems likely to be, with Bercow having engaged those renowned lawyers Carter-Ruck. In the law in England and Wales, it’s hard to know where you are without a proper court case: the proof of the legal pudding is very much in the eating.

What’s more, in this case, all possible outcomes have their upside. I’m not going to speculate as to how the case will go – though you might want to look at my guide to defamation on twitter, which is here. I look forward to following the case closely, if it does actually come to trial – and it is important to understand what the main possible outcomes are, and what impact each of them might have. There are three main possibilities:

Lord McAlpine could lose;

Lord McAlpine could win, but be awarded relatively small damages; or

Lord McAlpine could win, and be awarded substantial damages.

If the first happens, and Lord McAlpine ends up with a legal bloody nose, many tweeters will breathe a huge sigh of relief. The chilling effect will be effectively melted, and twitter will feel a freer, more comfortable place.

If the second happens, though the result won’t be as ‘freeing’ for tweeters, it might well mean that potential claimants are less likely to pursue people for defamatory tweets. If the damages to be gained are lower, and the costs are still substantial, why bother? Just ask for an apology, or move on. Cases that are pursued would only occur in very serious circumstances, or where the defamation is very clear and very damaging – in which case it may well be entirely appropriate! Twitter does need to have some kind of responsibility…

If the third happens, the result may be pretty hideous for Bercow herself – but it is important to understand that damages in libel cases in England and Wales are no longer as high as at their peak in the 80s. The £50,000 that Lord McAlpine is reported to have asked from Bercow would be a hefty figure by recent standards, for example. Even so, from the perspective of the future, there is an upside to this – it would make it crystal clear that defamation law, insofar as it relates to the social media, is in dire need of reform.

I have argued elsewhere for this – and for the development of a ‘defence of responsible tweeting’ to provide clarity and reassurance for tweeters. This is a key moment – for the first time in many years, a new defamation bill is making its way through parliament. If we are going to change the law, this is the moment. A case like the Bercow/McAlpine case could provide the ammunition that is needed to convince parliament that a change is needed, a change that would support the developing social media community.

That’s why I am not dismayed at Lord McAlpine’s move – I can see a good way forward whichever result comes from the case. In a way, the worst thing would be if it didn’t make it to court. That is also still entirely possible. Some kind of settlement might happen, or McAlpine might even drop the case. That would leave us with more uncertainty – and uncertainty is rarely good in a legal context. I’d like to see something out in the open, something proved.

The Joint Committee on the Draft Communications Data Bill produced its report today – (available here) and it’s a devastating piece of work, ripping the bill, and process through which it was drafted, to shreds. As tweeter @EinsteinsAttic put it, the committee concludes that the bill is ‘overreaching, poorly drafted, ill-defined, not based on evidence or proper consultation, and misleadingly costed.’ And yet I’m sure I won’t be the only privacy advocate who is a little disappointed by the final result – though I’m probably asking too much! I have not yet been through the piece with a fine-tooth comb, and will write more when I have, but these are my initial thoughts.

Fanciful and misleading…

One of the best turns of phrase in the report is the description of the some of the cost-benefit analysis provided by the Home Office as ‘fanciful and misleading’ – but it would have been good to see such a comment broadened to cover the entire basis of the ‘case’ made by the Home Office, not just the costs. Instead, there seems to be an assumption that this case, regardless of the lack of evidence and lack of consultation with experts, is a reasonable one. There has not even been ‘private’ evidence given by the Home Office and intelligence services to the committee – though the committee has seen the recommendations of the Intelligence and Security Committee, who have been given evidence by the intelligence services.

The way that any evidence in support of the bill is hidden is something which, though understandable, seems to be wrong. It seems to me that given the seriousness of the infringements on privacy, free speech, free association, free assembly and other human rights, we have the right to know more. A bill like this needs public support – and that means we need to know more.

Insufficient attention

Having said this, the report is pretty devastating. In privacy terms, it is quite clear:

“[W]e believe that the draft Bill pays insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data”

The biggest problem with the bill is Clause One – the very essence of the bill – and the committee recognises that. The clause as drafted effectively allows the Home Office to require any communications provider to gather pretty much whatever data the Home Office asks for – with the one ill-defined exception of ‘content data’. This the committee effectively rejects, suggesting instead a much more restricted set of powers – limiting the types of data that can be gathered to “those categories of data for which a case can now be made.”

In the opinion of people like me, this would actually mean reducing the amount of data gathered from what is currently gathered, though one suspects that the final result will be something rather different. Even so, this is a very welcome suggestion. The report also recommends, crucially, that expansions into new areas and new data types would require proper parliamentary oversight, either through primary legislation or a “super-affirmative procedure which would guarantee fuller Parliamentary consideration than a standard affirmative order.” This would at least provide some protection from function creep – not enough, in my view, but a great deal better than the current plan.

There is some additional protection suggested – the committee recommends that the bill ‘should provide for wilful or reckless misuse of communications data to be a specific offence punishable in appropriate cases by imprisonment.’ As a deterrent this might also help – but it remains to be seen how effective it might be – and whether it would actually be used if it was included in the bill.

Where data exists it is vulnerable

What is missing, at least from my first review, is a recognition that the warranting process should – or at the very least could – take place before the gathering of data, rather than before the filtering of data. It means that, sadly, the committee is still suggesting that all of us could be snooped on all the time, and that data (though less limited data than that originally suggested) could be gathered and held about all of us. There is a small amount of attention paid to the vulnerability of this data – and a recognition that the current bill doesn’t pay sufficient attention to the security of data, or how much ensuring that security would cost – but it seems to me that it doesn’t pay enough attention to this issue. It is a fundamental: where data exists, it is vulnerable. That point means that even a new, amended bill on the basis of this report would still create new risks, new vulnerabilities…

Restricting availability

The report makes admirable suggestions about limiting who can access the data gathered, requiring first of all that they be specified in the Bill itself, and secondly that the number of public bodies getting access be reduced:

“Any public authorities which make a convincing business case for having access to communications data should, like the six we have specified in paragraphs 128 and 129, be listed on the face of the Bill. We expect this to be a greatly reduced number when compared to the authorities currently listed in the Regulation of Investigatory Powers (Communications Data) Order 2010.”

This does deal with one of the key issues with RIPA – and, in practice, could well reduce the level of abuse. I hope so.

The report also attacks the breadth of the reasons suggested as to why data might be accessed – but pulls its punches a little. Effectively ti says that the scope is too broad, but doesn’t say how to narrow it:

“We are concerned that the long list of permitted purposes for which communications data can be requested adds to public disquiet about the breadth of the Bill. While we do not make specific recommendations about how this list could be shortened, we recommend that the Government should consult on whether all the permitted purposes are really necessary.”

I would have hoped for something a lot clearer – and that when the Government consults about this, they consult properly…. something which they conspicuously failed to do in the run up to the drafting of the bill in the first place.

A proper consultation…

This is the area in which the report is the strongest, from my perspective. It makes it very clear that the Home Office ‘consultation’ was feeble at best. This is where the key should be. As the report suggests:

“Before re-drafted legislation is introduced there should be a new round of consultation with technical experts, industry, law enforcement bodies, public authorities and civil liberties groups. This consultation should be on the basis of the narrower, more clearly defined set of proposals on definitions, narrower clause 1 powers and stronger safeguards which are recommended in this report.”

That’s what we really need. A proper consultation. A really proper consultation, where the proper experts are given the opportunity to make their views heard. Overall, I’d say the committee did a good job in the circumstances – but those circumstances were far from ideal. The consultation period (for written evidence) was short, over a summer, when many people (particularly those in academia) have little time to contribute – and it was a consultation ‘after the fact’, with the bill already drafted. We needed – and deserved – much more time. The committee says so, and says so loud and clear.

Will the Home Office listen?

That’s the big question – and one that many of us observing have been wondering for a while. This report is pretty devastating, at least in the detail – and the Home Office should get the message pretty clearly. There’s a lot that I haven’t covered in this post – the fanciful and misleading cost-benefit analysis, for example, and the technical details – but the overall conclusion is pretty clear. What they’ve done has simply not been good enough – and they need to go back and think again.

Will they? Or will they just lick their wounds and carry on regardless, accusing those of us who oppose their plans of risking lives, and of having blood on our hands? Number 10 seems to be saying now that they will ‘accept’ the criticism (see here, for example) but how much they will ‘accept’ remains to be seen. I hope they listen – but if they don’t, or just pay ‘lip service’ to the issue, they need to know that they have a fight on their hands. This report gives us a pretty good weapon to use in that fight.

And what of the Labour Party?

The final part of the equation is the Labour Party. The Liberal Democrats have come out firmly against the bill, which is important, and my own MP, Julian Huppert, in particular, needs to be given a lot of credit for that – but if the Labour Party fails to oppose it, that may not be enough. I’m looking forward to hearing what they have to say. I have heard noises that Yvette Cooper is going to make what I would think of as the right call, and a report in the Guardian suggests that she will, and this good piece by Nick Brown in the Independent gives me hope that the Labour Party is finally finding its way on this issue. Let us hope so! It would be good to have some kind of all-party consensus on this issue. Privacy, in general, is not a party political issue – there are groups within all parties that support it, and groups within all parties that see it as something that is of little importance in relation to security and other related issues. One of the things that has been most interesting about the struggle against the Communications Data Bill has been the way it has drawn together allies from all parts of the political spectrum. In the end, that has to be a good thing.

Start all over again

My overall view is clear – this bill doesn’t just need a few tweaks, it needs abandoning entirely. Nick Clegg has suggested going back to the drawing board – I agree. We should start from a totally different premise – we should be cutting down on internet surveillance rather than expanding it, and working towards the repeal of the Data Retention Directive and its implementation in the UK. The issues discussed in this damning report are equally applicable to existing law, which already compromises privacy in an excessive manner. Let’s start again – and put people’s privacy first.